How to Check and Patch Meltdown CPU Vulnerability in Linux

Meltdown is a chip-level security vulnerability that breaks the most fundamental isolation between user programs and the operating system. It allows a program to access the operating system kernel’s and other programs’ private memory areas, and possibly steal sensitive data, such as passwords, crypto-keys and other secrets.

Spectre is a chip-level security flaw that breaks the isolation between different programs. It enables a hacker to trick error-free programs into leaking their sensitive data.

These flaws affect mobile devices, personal computers and cloud systems; depending on the cloud provider’s infrastructure, it might be possible to access/steal data from other customers.

We came across a useful shell script that scans your Linux system to verify whether your kernel has the known correct mitigations in place against Meltdown and Spectre attacks.

spectre-meltdown-checker is a simple shell script to check if your Linux system is vulnerable against the 3 “speculative execution” CVEs (Common Vulnerabilities and Exposures) that were made public early this year. Once you run it, it will inspect your currently running kernel.

Optionally, if you have installed multiple kernels and you’d like to inspect a kernel you’re not running, you can specify a kernel image on the command line.

It will significantly try to detect mitigations, including backported non-vanilla patches, not considering the kernel version number advertised on the system. Note that you should launch this script with root privileges to get accurate information, using the sudo command.

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

7 Responses

I am running Ubuntu Mate 17.10 and ran process twice and still get vulnerable in ‘ Spectre Variant 1 and 2 ‘ , shows exactly what you have in example, is this still in the process of being fixed ? , or am I missing something .